[clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed Jan 9 09:55:50 EST 2019


Hi Alan,

It sounds like your system defaults to having the -Wall and -Wextra compiler flags enabled.  We do indeed still have a lot of work to clean up warnings when building with -Wall and -Wextra, I certainly want to clean up all the warnings long term, but the other remaining ones are, to my knowledge, not as worrisome.

I wasn't actually able to reproduce the warning that Gary reported (with clang or gcc on Mac or Ubuntu 18), but a quick look at the code showed that the issue was real.

The "Variable may be used uninitialized" type warnings are more serious-sounding ones but if I recall correctly, they occur in the tomsfastmath 3rd party library code.  It's on my to-do list to see if there's an update for that code as our copy hasn't been updated in a while.

The warnings in our own code regarding integers of different signedness are probably most concerning.  I very much want to take a stab at cleaning those up as soon as I find time, but it will require much care and heavy regression testing as it can be very easy to break things when changing variable types.

-Micah



On Jan 8, 2019, at 4:16 PM, Alan Stern <stern at rowland.harvard.edu<mailto:stern at rowland.harvard.edu>> wrote:

If anyone is interested, on my system (Fedora 28) building ClamAV
generates a ton of warning messages.  Some of them are bogus, but a lot
are valid.  Things like:

Variable may be used uninitialized;

Variable defined but not used;

Variable set but not used;

Static function declared but not used;

Statement label defined but not used;

Comparing integers of different signedness;

Misleading indentation of "if" - "else" clauses;

Unrecognized command line option ('-Wno-logical-op-parentheses');

Suggest parentheses around '&&' within '||';

Writing to an object with no trivial copy-assignment; use
copy-assignment or copy-initialization instead;

Left-hand operand of comma expression has no effect;

and a few others.  I can send the log file to a developer if anyone
would like to see it.

Alan Stern

On Tue, 8 Jan 2019, Scott Kitterman wrote:

On Tuesday, January 08, 2019 05:05:37 PM Gary R. Schmidt wrote:
On 08/01/2019 05:33, Joel Esler (jesler) wrote:
https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html
<https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.ht
ml>

ClamAV 0.101.1 Patch has been released

ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0
specifically for developers that depend on libclamav. The issue in
0.101.0 is that clamav.h required supporting headers that were not
provided on make install. To address this issue, the internal cltypes.h
header has been replaced by a clamav-types.h that is generated on
./configure and will be installed alongside clamav.h.

Other changes

Increased the default CommandReadTimeout to reduce the chance of mail
loss if using clamav-milter with the TCP socket. Contribution by Scott
Kitterman. Fixes for --with-libjson and --with-libcurl to correctly
accept library install path arguments.

Acknowledgements

 The ClamAV team thanks the following individuals for their code
 submissions: Scott Kitterman>>
Known Issues

Some users have observed crashes the first time running freshclam after
upgrading from 0.100 to 0.101. We haven't yet tracked down the source of
the issue, but have found that the issue resolves itself and that
subsequent calls to freshclam work as expected.

Please download and update to 0.101.1 <http://www.clamav.net/downloads>,
send us your feedback on ClamAV-Users
<http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>.
Building on Solaris 11.3 with GCC/G++ 7.3.0 and I just noticed gives
this warning.  The warning was also in 0.101.0, and possibly earlier
versions, but I didn't notice it.

----------------------------------------------------------------------
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I../libclammspack -I..
-I./nsis -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/local/include
-I/opt/local/include -I../libclammspack/mspack -DHAVE_INTERNAL_MSPACK
-DHAVE_YARA -DSEARCH_LIBDIR=\"/opt/local/lib\" -I/usr/local/include
-I/usr/include/json-c -I/usr/local/include -I/usr/local/include
-I/usr/include/libxml2 -g -O2 -fno-strict-aliasing -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -MT libclamav_la-pdf.lo -MD
-MP -MF .deps/libclamav_la-pdf.Tpo -c pdf.c  -fPIC -DPIC -o
.libs/libclamav_la-pdf.o
pdf.c: In function 'find_length':
pdf.c:947:80: warning: passing argument 5 of 'cli_strntoul_wrap' from
incompatible pointer type [-Wincompatible-pointer-types]
             if (CL_SUCCESS != cli_strntoul_wrap(index,
bytes_remaining, 0, 10, &length)) {

        ^
In file included from yara_clam.h:46:0,
                 from others.h:58,
                 from matcher.h:29,
                 from others.h:22,
                 from pdf.c:56:
str.h:78:12: note: expected 'long unsigned int *' but argument is of
type 'size_t * {aka unsigned int *}'
 cl_error_t cli_strntoul_wrap(const char *buf, size_t buf_size, int
fail_at_nondigit, int base, unsigned long *result);
            ^~~~~~~~~~~~~~~~~

In Debian we haven't uploaded 0.101.1, so I can't confirm that.  I did go back
and look at build logs and for us we have the same warning for 0.101.0.  It is
not present in 0.100.2, so this is a new issue.

Scott K

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190109/f894f9cf/attachment.html>


More information about the clamav-users mailing list